场景:当我们修改完系统时间的时区后,我们去查看我们的系统日志的时间发现时区还是在之前的系统时间时区。
[root@vp-n ~]# ls -l /etc/localtime
lrwxrwxrwx 1 root root 33 May 22 11:59 /etc/localtime -> /usr/share/zoneinfo/Asia/Shanghai
[root@vp-n ~]# date
Tue May 22 14:16:27 CST 2018
[root@vp-n ~]# tail -f /var/log/secure
May 22 04:55:33 vp-n sshd[10462]: Received disconnect from 221.194.47.239 port 51137:11: [preauth]
May 22 04:55:33 vp-n sshd[10462]: Disconnected from 221.194.47.239 port 51137 [preauth]
May 22 05:34:37 vp-n sshd[10519]: Received disconnect from 122.226.181.164 port 51822:11: [preauth]
May 22 05:34:37 vp-n sshd[10519]: Disconnected from 122.226.181.164 port 51822 [preauth]
May 22 05:35:46 vp-n sshd[10524]: Received disconnect from 221.194.47.243 port 44655:11: [preauth]
May 22 05:35:46 vp-n sshd[10524]: Disconnected from 221.194.47.243 port 44655 [preauth]
May 22 05:41:51 vp-n sshd[10529]: Received disconnect from 115.238.245.8 port 58759:11: [preauth]
May 22 05:41:51 vp-n sshd[10529]: Disconnected from 115.238.245.8 port 58759 [preauth]
May 22 05:59:00 vp-n sshd[10540]: Received disconnect from 221.194.47.221 port 55043:11: [preauth]
May 22 05:59:00 vp-n sshd[10540]: Disconnected from 221.194.47.221 port 55043 [preauth]
你可以看到上方我的系统时间是下午的时间(也就是北京时间),但是我看日志的记录时间还是以之前的时区进行记录日志,这会导致我们以后对一些故障的时间判断造成影响。
解决方法:我们需要重启一下我们的系统日志服务(rsyslog),(你也可以重启系统,但是你懂的)
systemctl restart rsyslog
之后这个问题就可以解决了。日志就恢复正常了。
[root@vp-n ~]# tail - /var/log/secure
May :: vp-n polkitd[]: Unregistered Authentication Agent for unix-process:: (system bus name :1.713, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-) (disconnected from bus)
[root@vp-n ~]# date
Tue May :: CST
在此做个记录,便于以后查询。